Mark package security-only #41

Merged
merged 5 commits into from
Jul 14, 2022

weierophinney
Member

| Q             | A   |
|---------------|-----|
| Documentation | yes |
| Bugfix        | yes |
| BC Break      | no  |
| New Feature   | yes |
| RFC           | yes |
| QA            | yes |

Description

Per a decision by the Technical Steering Committee, this patch marks the package "security-only", meaning it will only receive updates to resolve security issues going forward.

To accomplish this, I've made the following changes:

  • I have updated the README.md to indicate it is security-only.
  • I have updated the composer.json to restrict to Composer plugin API versions > 1.1 and < 2.3.
  • I have added verbiage to the README.md and the documentation indicating that this package only works with Composer versions < 2.3.
    This is due to the fact that 2.3 introduces BC-breaking changes to the plugin API that we cannot accommodate.
    The documentation also details how to install Composer 2.2 and/or roll back to that version when needing to use this package.
  • I have added a CI pre-install script that will roll back the Composer version if it is greater than 2.3.
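A sketch of the kind of version gate the last bullet describes, added here as an example; it is not the script from this pull request. The function names and the `COMPOSER_ROLLBACK` switch are hypothetical, and it assumes the Composer CLI's `self-update --2.2` option for pinning to the 2.2 LTS line.

```shell
#!/bin/sh
# Added example: keep a CI job on Composer < 2.3 by falling back to the 2.2 LTS line.

# Extract "MAJOR.MINOR" from `composer --version` style output, e.g.
# "Composer version 2.3.10 2022-07-13 15:48:23" -> "2.3". Prints nothing if unparsable.
composer_major_minor() {
    printf '%s\n' "$1" \
        | sed -n 's/^Composer version \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1.\2/p' \
        | head -n 1
}

# Exit status 0 when MAJOR.MINOR is 2.3 or later, 1 when it is older,
# 2 when the input is not MAJOR.MINOR. Components are compared numerically,
# so 2.10 is treated as newer than 2.3 (a string comparison would get this wrong).
needs_rollback() {
    case "$1" in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    minor=${1#*.}
    case "$major$minor" in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -gt 2 ] && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 3 ] && return 0
    return 1
}

# Inspect the installed Composer and switch channels when required.
# Fails closed: an unreadable version aborts the job instead of continuing.
rollback_if_needed() {
    version=$(composer_major_minor "$(composer --version 2>/dev/null)")
    rc=0
    needs_rollback "$version" || rc=$?
    case $rc in
        0) echo "Composer $version detected; switching to the 2.2 LTS channel"
           composer self-update --2.2 ;;
        1) echo "Composer $version is within the supported range" ;;
        *) echo "Could not determine the Composer version" >&2
           return 1 ;;
    esac
}

# Hypothetical switch: the CI pre-install step sets COMPOSER_ROLLBACK=1 to act.
if [ "${COMPOSER_ROLLBACK:-0}" = "1" ]; then
    rollback_if_needed
fi
```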

Updates README.md file to indicate this project is security-only.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
Version 2.3 made BC-incompatible changes to the plugin API, and it's next-to-impossible to adapt the plugin to work against each of Composer v1, Composer v2 <2.3.0, and Composer v2 >= 2.3.0.
As such, we are now restricting usage of this package to the Composer v2.2 LTS or before.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
Indicates that this version requires Composer 2.2 or prior, and how to install or rollback to that version.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
Necessary so that installation does not fail.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
@weierophinney weierophinney added this to the 2.3.0 milestone Jul 14, 2022
Trailing whitespace in message to the Russian people.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
@Ocramius Ocramius self-assigned this Jul 14, 2022
@Ocramius Ocramius merged commit 8b93102 into laminas:2.3.x Jul 14, 2022
@weierophinney weierophinney deleted the feature/security-only branch July 14, 2022 14:37
@fezfez fezfez mentioned this pull request Nov 18, 2022